Seeing may be believing, but not so in the cyberworld.
If you think deepfake is an issue that affects only celebrities like Alia Bhatt and Rashmika Mandanna, it’s time for a rethink. Deepfake is being used to target commoners as well.
Deepfake is a human impersonation of voice, images, or videos carried out through artificial intelligence. Already, several cases have surfaced where common citizens have been duped using fake videos and phone calls.
Take the instance of an ex-Coal India executive in Kerela who was cheated off 40,000 INR when his ‘deepfake’ ex-colleague requested money over a WhatsApp video call. Similarly, a senior citizen was being extorted money by using the face and voice of a retired UP police officer.
Not just common citizens, around 91% of US companies found deepfake to be a rising threat. A survey carried out by global cyber security solutions firm Regula found almost 37% of companies worldwide were affected by deepfake voice frauds, while 29% fell victim to deepfake videos.
Saurabh Lal, President of Customer Engagement and Cyber Research, CYFIRMA, feels this is just “the tip of an iceberg,” and there is a lot more going on in the cyber world as far as stolen identities are concerned.
StartupTalky takes a deep dive into the deepfake issue and sees if any probable solutions are in sight.
New Age Ammunition
Mitigating Deepfake
Digital Laws
New Age Ammunition
The rising number of internet users in India has meant a proportional rise in cyber crimes in India.
Data released by the National Crimes Records Bureau earlier this week showed a 24% rise in cyber crimes in India in 2022 over the previous year.
Bangalore-based digital threat-identifying company Cloudsek shares some astounding statistics: Between July 2023 and September 2023, 40,000 people were duped to the tune of 37 lakh INR, which flowed into the accounts of cybercriminals.
Cyber crimes have assumed various forms, with hacking and defacing Indian websites becoming common practices, in addition to leaking sensitive data.
Last year, in a reply to the Rajya Sabha, Minister of Information and Technology Rajeev Chandrasekhar said five servers and approximately 1.3 terabytes of data were affected when hackers infiltrated the All India Institute of Medical Sciences a year ago.
“It’s a very globally connected economy. We Indians are very well poised in terms of the young population, the population that is connected, the population that is internet savvy, English literate, and the IT back office of the world. We are the largest pharmaceutical manufacturer in the world. In such a scenario, various forces are trying to derail us,” said Lal from Cyfirma.
Earlier this year, in June, a group of Indonesian hackers were said to have defaced several Indian websites. Israeli cyber security firm Radware’s H1 2023 Threat Report claimed that hacktivist campaigns against India have been on the rise in the first half of 2023.
It’s not surprising then that Coudsek names India as the most targeted country by hacktivists or hacker activists.
Deepfake is soon becoming another potent weapon in the arsenal of cybercriminals and one that cannot be taken lightly.
A deepfake takes form in the artificial neural network. This network of neural connections and nodes carries tons of information and data. The developer of the deepfake video puts in a huge amount of data in the form of videos, images, and voices of the person that needs to be simulated. Once this data is fed, the application improves on it through machine learning and can even cross-check for fakeness until it deems fit. The outcome is a near-perfect depiction of the person whose identity has been morphed, including minute details such as skin tone, voice, and facial features, to name a few.
While such a process could make for a great VFX motion picture, certain anti-social elements use it to tarnish the image of a person or organization. In extreme cases, these deepfake videos also end up being a threat to a nation.
Mitigating Deepfake
If an individual or organization finds himself or herself dragged into a deepfake issue, Techno Companion’s founder, Sahil Jain, recommends reporting the video on the social media platform, followed by reporting to the cyber crime cell.
Soon after the Rashmika Mandanna deepfake video went viral, the Indian government asked all social media platforms to take down deepfake videos circulating on social media. The government also said it would announce draft guidelines to address the deepfake issue.
Sahil feels such filters should become a routine practice among social media platforms in a way where each video is vetted before it makes it online.
But wouldn’t this be a huge burden in terms of time, money, and manpower? Jain disagrees.
The cost of implementation, the server cost, and the coding fees are there, but that is almost minimal. There won’t be any real people involved. in it. You just have to put the technology in place, and the technology will do it by itself, said Sahil from Techno Companion.
KPMG recommends a “zero-trust” and “multi-factor authentication” process to mitigate cyber security threats.
“The average cost of a cyber security breach was $1.76 million less for an organization with a mature zero-trust methodology relative to those who don’t employ zero trust,” said KPMG in its note on Deepfakes.
As precautions against identity theft, Regula prescribes thorough ID verification and biometric verification.
“To ensure that fraudsters cannot reuse users’ liveness sessions for tampering, the enrollment process for every company’s requirements should be set up with unique parameters,” Regula said.
Digital Laws
Although the government has asked affected individuals to file a First Information Report with their nearest police station and avail remedies as per the IT rules, India lacks specific laws to deal with the deepfake per se.
The problem that I see at the moment is that there are not very solid, effective laws to deal with this. Because technology is evolving at the same pace, or at least to cope with it, the laws have to be put in place so that anyone can do it, said Jain from Techno Companion.
The situation is no different in other countries.
Currently, in the US, different states have different sets of laws governing deepfakes and their usage, although no federal law is in place yet. The UK has funded several research projects and programs that create awareness surrounding the deepfake issue. The UK recently enacted the Online Safety Act, which puts the onus on technology firms to monitor the content on the respective platforms.
South Korea has made it illegal to distribute deepfake videos that could cause harm to national interests, accompanied by a heavy fine and imprisonment.
Back in India, policymakers are probably in a huddle over the intricacies of digital law. Meanwhile, Google India has already collaborated with various stakeholders to make responsible use of AI. It has invested around $1 million in the Indian Institute of Madras to set up a multidisciplinary center for responsible AI and is holding discussions with policymakers and researchers on the same.
“In this world, enforcement is possible with compliance and fines,” observes Lal from Cyfirma.
Conclusion
India, along with the rest of the world, is treading through uncharted cyberspace when it comes to artificial intelligence and machine learning. Hence, playing catch and mouse for law enforcers could be a bit more tricky as far as cyber crimes are concerned. For the time being, the government, organizations, and firms can try to create more awareness amongst people on how to deal with cyber crimes and provide easier access to cyber law enforcers. And more importantly, for internet users, an awareness that the eyes too may lie may save trouble to some extent.
Muskaan Kapoor
